Description
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
Remediation
References
Related Vulnerabilities
WordPress Plugin Print My Blog-Print, PDF, & eBook Converter Server-Side Request Forgery (1.6.5)
WordPress Plugin More Fields Cross-Site Request Forgery (2.1)
WordPress Plugin Export Post Info Cross-Site Scripting (1.1.0)
WordPress Plugin LearnPress-WordPress LMS Multiple Vulnerabilities (4.1.7.3.2)
WordPress Plugin Easy Digital Downloads QR Code Cross-Site Scripting (1.1.0)